Handle symlinks under the certs/ directory

Currently, if the `certs/` directory has a symlink inside, we skip it. That is not really intended, it's an unfortunate side-effect of skipping regular files. To fix this, this patch adjusts the logic to only ignore regular files instead. It also adds a message when a directory is skipped, to make it easier to debug permission issues. Thanks to @erjoalgo for reporting this in https://github.com/albertito/chasquid/pull/39, and providing an alternative patch!
2025-12-17 14:37:02 +00:00 · 2023-09-02 13:54:17 +01:00
parent 47535651d2
commit 888b2df4c1
2 changed files with 9 additions and 4 deletions
--- a/chasquid.go
+++ b/chasquid.go
@@ -92,8 +92,8 @@ func main() {
 	// The structure matches letsencrypt's, to make it easier for that case.
 	log.Infof("Loading certificates")
 	for _, info := range mustReadDir("certs/") {
-		if !info.IsDir() {
-			// Skip non-directories.
+		if info.Type().IsRegular() {
+			// Ignore regular files, we only care about directories.
 			continue
 		}

@@ -101,12 +101,16 @@ func main() {
 		dir := filepath.Join("certs/", name)
 		log.Infof("  %s", name)

+		// Ignore directories that don't have both keys.
+		// We warn about this because it can be hard to debug otherwise.
 		certPath := filepath.Join(dir, "fullchain.pem")
-		if _, err := os.Stat(certPath); os.IsNotExist(err) {
+		if _, err := os.Stat(certPath); err != nil {
+			log.Infof("    skipping: %v", err)
 			continue
 		}
 		keyPath := filepath.Join(dir, "privkey.pem")
-		if _, err := os.Stat(keyPath); os.IsNotExist(err) {
+		if _, err := os.Stat(keyPath); err != nil {
+			log.Infof("    skipping: %v", err)
 			continue
 		}

--- a/test/t-01-simple_local/config/certs/symlink
+++ b/test/t-01-simple_local/config/certs/symlink
@@ -0,0 +1 @@
+testserver/